Microsoft Security Bulletin Summary for MAY 2017

Discussion in 'update alerts' started by NICK ADSL UK, May 9, 2017.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,242
    Location:
    UK
    Microsoft Security Bulletin Summary for MAY 2017
    Note: There may be latency issues due to replication, if the page does not display keep refreshing

    Today Microsoft released the following Security Bulletin(s).

    Note: Microsoft Security Response Centre and Security TechCenter are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summary:
    https://portal.msrc.microsoft.com/e...tedetail/bc365363-f51e-e711-80da-000d3a32fc99


    Release Notes
    May 2017 Security Updates
    Release Date: May 09, 2017

    The May security release consists of security updates for the following software:
    •Internet Explorer
    •Microsoft Edge
    •Microsoft Windows
    •Microsoft Office and Microsoft Office Services and Web Apps
    •NET Framework
    •Adobe Flash Player
    Please note the following information regarding the security updates:
    •Beginning with the October 2016 release, Microsoft is changing the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. For more information, please see this Microsoft Technet article, Further simplifying servicing models forWindows 7 and Windows 8.1.
    •Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog

    •Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
    •Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
    •In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features
    Note As a reminder, the Security Updates Guide will be replacing security bulletins. Please see our blog post, Furthering our commitment to security updates, for more details.

    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA
     
    Last edited: May 9, 2017
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,242
    Location:
    UK
    Title: Microsoft Security Advisory Notification
    Issued: May 8, 2017
    ********************************************************************

    Security Advisories Released or Updated Today
    ==============================================

    * Microsoft Security Advisory 4022344
    - Title: Security Update for Microsoft Malware Protection Engine
    - https://technet.microsoft.com/library/security/4022344.aspx
    - Reason for Revision: Microsoft is releasing this security advisory
    to inform customers that an update to the Microsoft Malware
    Protection Engine addresses a security vulnerability that was
    reported to Microsoft.
    - Originally posted: May 8, 2017
    - Updated: N/A
    - Version: 1.0
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,242
    Location:
    UK
    Microsoft Security Advisory Notification Issued: May 11, 2017
    Security Advisories Released or Updated Today
    * Microsoft Security Advisory 4021279
    - Title: Vulnerabilities in .NET Core, ASP.NET Core Could Allow
    Elevation of Privilege
    https://technet.microsoft.com/library/security/4021279.aspx
    - Reason for Revision: Advisory revised to include a table of
    issue CVEs and their descriptions. This is an informational
    change only.
    - Originally posted: May 9, 2017
    - Updated: May 11, 2017
    - Bulletin Severity Rating: N/A
    - Version: 1.1
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,242
    Location:
    UK
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,242
    Location:
    UK
    ********************************************************************
    Title: Microsoft Security Update Releases
    Issued: May 16, 2017
    ********************************************************************

    Summary
    =======

    The following CVEs have undergone a major revision increment.

    * CVE-2017-0254
    * CVE-2017-0264
    * CVE-2017-0265


    Revision Information:
    =====================

    CVE-2017-0254

    - Title: CVE-2017-0254 | Microsoft Office Memory Corruption
    Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: CVE information revised to announce the
    availability of the 14.7.4 update for Microsoft Office for Mac
    2011 (3212221) and the 15.33.0 update for Microsoft Office
    2016 for Mac. Customers running affected Mac software should
    install the appropriate update for their product to be protected
    from the vulnerability discussed in this CVE. Customers running
    other Microsoft Office software do not need to take any action.
    See Microsoft Knowledge Base Article 3212221 and Release notes
    for Office 2016 for Mac for more information and download links.
    - Originally posted: May 9, 2017
    - Updated: May 16, 2017
    - CVE Severity Rating: Important
    - Version: 2.0

    CVE-2017-0264

    - Title: CVE-2017-0264 | Microsoft Office Memory Corruption
    Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: CVE information revised to announce the
    availability of the 14.7.4 update for Microsoft Office for Mac
    2011 (3212221). Customers running affected Mac software should
    install the appropriate update for their product to be protected
    from the vulnerability discussed in this CVE. Customers running
    other Microsoft Office software do not need to take any action.
    See Microsoft Knowledge Base Article 3212221 for more information
    and download links.
    - Originally posted: May 9, 2017
    - Updated: May 16, 2017
    - CVE Severity Rating: Important
    - Version: 2.0

    CVE-2017-0265

    - Title: CVE-2017-0265 | Microsoft Office Memory Corruption
    Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: CVE information revised to announce the
    availability of the 14.7.4 update for Microsoft Office for Mac
    2011 (3212221). Customers running affected Mac software should
    install the appropriate update for their product to be protected
    from the vulnerability discussed in this CVE. Customers running
    other Microsoft Office software do not need to take any action.
    See Microsoft Knowledge Base Article 3212221 for more information
    and download links.
    - Originally posted: May 9, 2017
    - Updated: May 16, 2017
    - CVE Severity Rating: Important
    - Version: 2.0
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,242
    Location:
    UK
    Title: Microsoft Security Update Releases
    Issued: May 19, 2017
    ********************************************************************
    Summary
    =======
    The following CVE has undergone a major revision increment.
    * CVE-2017-0223
    Revision Information:
    =====================
    CVE-2017-0223
    - Title: CVE-2017-0223 | Microsoft Edge Elevation of Privilege
    Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: This CVE was addressed by KB4016871, but was
    inadvertently omitted from the May 2017 Security Updates. This is
    an informational change only.
    - Originally posted: May 19, 2017
    - Updated: May 19, 2017
    - CVE Severity Rating: Important
    - Version: 1.0
     
Loading...
Thread Status:
Not open for further replies.